On 07 Jun 2014, at 08:38, Maxime Villard <m...@m00nbsd.net> wrote:

> Contributing code upstream would have been a way more productive
> approach;

It's already been stated that working with upstream is out of
the question for at least the following reasons:

* Bugs linger unattended for years.
* The code style is next to unreadable for outsiders.
* C security standards and best practices are severely lacking.
* Upstream doesn't have the manpower to change any of this.

And my favourite bit:

* Upstream generates money by enforcing the above.

It's a business model.  From an economical standpoint a good
one, but technologically, ethically and ideologically it's a
disaster for our modern society that bases a lot of trust on
OpenSSL.

It's when open source effectively becomes broken source, and
the only way to change that is to fork or rewrite.  OpenSSL
and everybody willing to use it will be able to benefit freely
from LibReSSL efforts, given that they commit to improving their
code base.  A project that's not willing to improve on its own
should, bluntly put, die as soon as possible.

There is no reason to state your opinion about how OpenSSL
should have been fixed given the facts that you chose to ignore.
Consider the possibility that your view is wrong.  And don't
assume that LibReSSL is the right thing, it's just a thing.
Well, a good thing.  Definitely not a bad thing.  I hope we
can agree on that.


Cheers,
Franco
